SaaS Contracts – Software as a Service Agreements

SaaS Contracts - Software as a Service AgreementsSaaS contracts, or Software as a Service agreements as they are sometimes called, come in different flavors and varieties. In many cases, however, SaaS contracts from different SaaS technology providers will address a similar bucket of legal issues. These issues, and the SaaS contracts themselves, are often impacted by the particular features offered by the SaaS service. While the list below is by no means exhaustive, SaaS technology providers should think through them when developing a business to business SaaS contract. A SaaS technology provider with a savvy customer base should also prepare for issues that are often negotiated in SaaS contracts.

1. What Services Does Your SaaS Contract Promise?

While it may seem obvious, many SaaS contracts do not adequately inform a customer about what is included and excluded from the SaaS services. This area is important to the SaaS technology provider, as it should only commit to provide specified services and exclude all others. If the SaaS service requires third party materials for it to work effectively, the SaaS contract should address the responsibility for acquiring rights to these materials. In many cases, there are packages or levels of SaaS services with bundled features. The SaaS contract should provide for this framework as well as any ability that the customer may have to upgrade, downgrade or add additional SaaS services during the SaaS contract term.

2. Economics 101 and SaaS Contracts

Like most customers, SaaS customers often negotiate pricing, renewal, expansion and other economic terms. Even with SaaS services that are provided in a bundled or tiered model, technology customers often expect discounts as they are used to them from years of licensing software and buying hardware products. While the SaaS contract can provide a framework of economic terms, be prepared to negotiate them. In some cases, especially where the SaaS customer has many options, closing the deal will come down to price. In others, economic concessions can be leveraged when negotiating other terms that could increase the SaaS technology provider’s risk. The term of the SaaS contract can also be used to lock-in pricing for certain periods, with greater discounting being provided for longer-term commitments by SaaS customers.

3. SLAs and Support Issues in SaaS Contracts

SaaS customers expect reliability from SaaS technology providers. Especially with SaaS services that customers deem mission-critical, savvy SaaS customers look for service level agreements and robust support provisions to give them comfort. SaaS technology providers often provide a base service level, and more sophisticated SaaS services may provide for higher-level tiers and support options. A SaaS provider should provide details of its service level commitment in its SaaS contract. These provisions may take different forms, but typically are combined with other provisions that limit the SaaS provider’s exposure for performance or reliability issues, sometimes through limited monetary credits against future invoices for the SaaS services.

4. Limiting Liability and Risk in SaaS Contracts

Like other technology contracts, SaaS contracts often employ a variety of contractual mechanisms to limit the SaaS technology provider’s liability. These can include disclaimers of warranties, limitations on remedies, limitations on the types of damages recoverable against the SaaS technology provider, and a monetary cap on the SaaS technology provider’s liability. These provisions are often negotiated by savvy SaaS customers. Other provisions can be employed in SaaS contracts to limit risk and give SaaS providers legal protection. These include force majeure provisions, governing law and exclusive jurisdiction terms, and provisions that permit a SaaS technology provider to recover interest, collection costs and attorneys’ fees when enforcing the SaaS contract against the SaaS customer. In addition, a SaaS contract will typically provide the SaaS technology provider with the right to terminate and/or suspend the provision of SaaS services in the event of a breach or default by its customer.

Many SaaS customers seek broad-form indemnification from a SaaS technology provider on a number of issues, including third party claims for intellectual property infringement. Similarly, depending on the facts and circumstances, a SaaS technology provider may want to request indemnities from the SaaS customer based on its use of the SaaS service and the materials (including data) that it uploads to the SaaS service. Like all risk allocation provisions, indemnities are often negotiated and a SaaS provider should attempt to narrowly tailor any indemnification it provides and ideally limit its indemnification to those areas for which it has obtained insurance which can serve as a funding source if indemnity claims arise.

5. Data and Information in SaaS Services; Regulatory Requirements

SaaS customers typically have data and information security concerns at the top of their lists when evaluating SaaS technology providers and SaaS contracts. It is incumbent upon SaaS technology providers that they are able to effectively communicate what they are doing to protect the data of SaaS customers. Many SaaS technology providers have obtained certifications or received audit reports that are designed to be shared with potential customers as part of their marketing communications. Customers will also have specific concerns about data usage, especially if a SaaS contract provides the SaaS provider with the right to use the SaaS customer’s data or data generated from the SaaS customers usage of the SaaS services. Where the SaaS service is not directed at a particular industry, SaaS technology providers may face customers that are subject to varying regulatory structures governing the use, processing and storage of data. This is an area that will continue to rapidly evolve, and a SaaS technology provider should keep abreast of developments so that it can anticipate and prepare responses to issues raised by SaaS customers.

With that said, many SaaS contracts will limit the SaaS technology provider’s liabilities for data related losses, including data breaches and data corruption. In addition, many SaaS contracts contain provisions that reflect the reality that no information security system is 100% secure or free from errors in design or operation.  A SaaS contract can also provide some comfort to customers on other data-related issues, such as the timing and frequency of back-ups, and the ability for a Saas customer to obtain exports of their data through the SaaS service. However, a SaaS provider should be careful to specifically identify what “data” is and what portion of that “data” will be accessible to the customer for exporting or otherwise and in what formats. This can help decrease the likelihood of disputes on these issues.

A SaaS technology provider should also be aware that the SaaS services themselves may require the SaaS technology provider to comply with legal and regulatory requirements. This is an area that is best addressed in the planning and development phase of the SaaS service so that the requirements can be built into the SaaS service. In many areas, however, a SaaS service may raise novel issues as to whether it is covered by a regulatory framework, or there may not be a current regulatory framework in effect to provide guidance to laws written many decades ago. In other areas, detailed regulatory requirements may make or break a SaaS technology provider’s ability to service a particular industry or sector. In any event, SaaS technology providers must conduct initial and ongoing due diligence on regulatory requirements as ignorance of applicable laws are not often excused. Furthermore, keeping up with the latest developments and keeping the SaaS services compliant can provide a significant competitive advantage over slower-moving competitors.

6. Thinking Outside SaaS Contracts

Developing Saas contracts requires that a SaaS technology provider think outside the terms and conditions of its SaaS contracts. These contracts, by their nature, attempt to limit exposure and protect the SaaS technology provider from downside risks. By limiting commitments, and utilizing liability-reducing contractual mechanisms, the SaaS contract attempts to put the SaaS technology provider in a contractually advantageous position should a loss occur or a dispute arise between the parties. However, SaaS contracts themselves may do nothing to alleviate the reputational loss and real liability exposure that could exist when things go wrong. For this reason, SaaS technology providers should also look to other mechanisms to help them manage risk.

As noted above, one method that can help is appropriate insurance coverage with adequate limits. A SaaS technology provider should work closely with its insurance provider to make sure it has insurance in place to cover known risk areas for SaaS services such as data breaches, cyberliability and intellectual property issues. Insurance may not come cheap, but insurance can often come to the rescue when things go awry. Insurance can help avoid large hits to cash-flow and insurance companies often have teams to help companies triage larger risk events and begin implementing mitigation plans soon after a loss occurs. SaaS technology providers should also work with their accountants and tax advisors to determine whether their SaaS services or components are subject to tax in any applicable jurisdictions.

SaaS technology providers should also look at where they stand in their own information technology ecosystem. SaaS contracts with customers are an important piece of the puzzle, but what about the SaaS technology provider’s own licenses, SaaS contracts and other agreements with its own information technology hardware and software providers? These agreements provide the framework upon which the SaaS provider is able to provide SaaS services to its customers, so they must be negotiated to allocate risk and responsibilities to third party providers where appropriate. In some cases, a SaaS technology provider itself depends on other significantly larger SaaS providers and, in these cases, leverage can be an impediment to getting adequate terms and conditions – or even to the negotiating table at all. However, going through the process and seeing what promises are being made to the SaaS technology provider can help guide it in deciding what it can commit to its own customers. In some cases, a SaaS technology provider will want to mitigate its own risks by maintaining agreements with multiple redundant providers of key IT infrastructure, and by bringing some external mission-critical components in-house.

7. SaaS Contracts and Closing the Deal

With appropriate planning and an effective communication strategy, SaaS technology providers can build better SaaS contracts that help manage downside risks. Working with an attorney familiar with SaaS contracts can help a a SaaS technology provider in this process, and also help prepare options and alternative language that can be used do overcome hurdles when negotiating deals with important SaaS customers.

Copyright (c) 2017 Geoffrey G. Gussis, Esq. All Rights Reserved. Contact: geoff@gussislaw.com or (732) 898-0549. Licensed to practice in New Jersey and New York.

The materials available at this web site are for informational purposes only and do not constitute legal advice. You should contact a licensed attorney in your jurisdiction to obtain advice with respect to any particular issue or problem. Use of and access to this website, or any of the information or links contained within the website, does not create an attorney-client relationship.